Firing up Netflix in a browser, I decided to see what could be found. Wireshark was my main cohort in this exercise. Selecting 'Statistics...Conversations' and then sorting by Bytes gave me these:
Back in the main capture, I looked at what order these remote IP's were referred and then tried a reverse DNS lookup:
>nslookup 50.19.81.73
Name: ec2-50-19-81-73.compute-1.amazonaws.com
Address: 50.19.81.73
>nslookup 65.126.84.9
Name: a65-126-84-9.deploy.akamaitechnologies.com
Address: 65.126.84.9
>nslookup 65.126.84.11
Name: a65-126-84-11.deploy.akamaitechnologies.com
Address: 65.126.84.11
>nslookup 65.126.84.18
Name: a65-126-84-18.deploy.akamaitechnologies.com
Address: 65.126.84.18
So it seems the main 'logic' of the website such as account login, pulling up my favorites, and searching for movies is hosted on Amazon. My guess is that the movie poster images are hosted on Akamai. The HTTP content of that field confirms:
GET /en_us/boxshots/166/60020865.jpg HTTP/1.1\r\n
Host: cdn-5.nflximg.com\r\n
Keep-Alive: 115\r\n
Connection: keep-alive\r\n
Referer: http://movies.netflix.com/WiHome\r\n
Finally, I pulled out the TCP stream for the top flow based on Bytes.
A 'whois' on the IP reveals it is from Level3:
NetRange: 8.0.0.0 - 8.255.255.255
CIDR: 8.0.0.0/8NetType: Direct Allocation
OrgName: Level 3 Communications, Inc.
The Wireshark decode shows an HTTP/1.1 stream (Content-Type: application/octet-stream\r\n , Server: Level-3 Origin Storage/1.5\r\n)
A little bit of packet capture tells us they use Amazon Web Services for the front-end and account logic, Akamai for static content, and Level3 Storage for the media streams. Some to-do items: check browser data for the application type that plays the media and look for TCP header data to learn more about flow control and media streaming.
No comments:
Post a Comment